Where to store JWT - ace-han/vue-drf-jwt GitHub Wiki
As per

- https://dev.to/rdegges/please-stop-using-local-storage-1i04
- https://stackoverflow.com/questions/34817617/should-jwt-be-stored-in-localstorage-or-cookie

We should stop storing JWTs in localStorage. Instead, we should store them in a cookie.
- Single Page Application (SPA)

  Cookie

  - On login, set `access_token` and `refresh_token` in cookies
  - Go to `next=url` if any
  - Before ajax, get the CSRF token from `js-cookie` and set it as `config.headers['X-CSRFToken'] = $csrfToken`, according to `csrf.py` in `django/middleware/csrf.CsrfViewMiddleware#process_view`
  - For every ajax with response status code 4xx, `do_refresh_token` and queue up deferred ajax calls
  - If `do_refresh_token` gets a new `access_token`, then do the queued-up deferred ajax calls
  - Else redirect to login
- Mobile

  Android: SharedPreferences

  iOS: Keychain or UserDefaults
- Weapp and similar apps

  localStorage (Yes, localStorage. But we can do it with `weapp-cookie` to keep aligned with the operations in `SPA`)
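
The SPA steps above (CSRF header before each ajax call, `do_refresh_token` on a 4xx, deferred calls replayed or a redirect to login), as an added example that is not code from this repository. `createClient`, `send`, `refresh`, `onLoginRequired` and `demo` are hypothetical names, `readCookie` stands in for `js-cookie`, and the cookie name `csrftoken` is Django's default.

```javascript
// Added example: createClient, send, refresh, onLoginRequired and demo are hypothetical names.
function readCookie(cookieString, name) {
  // Stand-in for js-cookie's Cookies.get(name) so the block also runs outside a browser.
  for (const part of cookieString.split('; ')) {
    const eq = part.indexOf('=');
    if (eq > 0 && part.slice(0, eq) === name) return decodeURIComponent(part.slice(eq + 1));
  }
  return undefined;
}

function createClient({ send, getCookies, refresh, onLoginRequired }) {
  let refreshing = null; // shared promise: at most one do_refresh_token in flight
  // Re-read the csrftoken cookie on every send, since the server may rotate it.
  const withCsrf = (config) => ({
    ...config,
    headers: { ...config.headers, 'X-CSRFToken': readCookie(getCookies(), 'csrftoken') },
  });
  const doRefreshToken = () => {
    if (!refreshing) {
      refreshing = Promise.resolve().then(refresh).catch(() => false)
        .finally(() => { refreshing = null; });
    }
    return refreshing;
  };
  return async function request(config) {
    const first = await send(withCsrf(config));
    if (first.status < 400 || first.status >= 500) return first;
    // Any 4xx (the page's rule): park this call behind the single refresh, replay it once.
    if (!(await doRefreshToken())) {
      onLoginRequired(config); // refresh failed: hand over to the login redirect
      return first;
    }
    return send(withCsrf(config)); // a second 4xx is returned as-is, so no retry loop
  };
}

// Constructed scenario: the access token has expired and three calls fire at once.
async function demo(refreshSucceeds) {
  const seen = { refreshCalls: 0, csrf: [], loginRedirects: 0 };
  let tokenValid = false;
  const request = createClient({
    getCookies: () => 'sessionhint=1; csrftoken=constructed-csrf-value',
    send: async (config) => { seen.csrf.push(config.headers['X-CSRFToken']); return { status: tokenValid ? 200 : 401 }; },
    refresh: async () => { seen.refreshCalls += 1; tokenValid = refreshSucceeds; return tokenValid; },
    onLoginRequired: () => { seen.loginRedirects += 1; },
  });
  const responses = await Promise.all(['/a', '/b', '/c'].map((url) => request({ url })));
  return { statuses: responses.map((r) => r.status), ...seen };
}
```

The script never reads `access_token` or `refresh_token`; the browser attaches them as cookies, and only the CSRF cookie has to be readable from JavaScript.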